Skip to main content
CVE-2022-46443 HIGH POC THREAT This Week

mesinkasir Bangresto 1.0 is vulnberable to SQL Injection via the itemqty%5B%5D parameter. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Bangresto
NVD
CVSS 3.1
8.8
EPSS
37.7%
CVE-2022-46074 HIGH POC This Week

Helmet Store Showroom 1.0 is vulnerable to Cross Site Request Forgery (CSRF). Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

CSRF Helmet Store Showroom
NVD
CVSS 3.1
8.8
EPSS
0.5%
CVE-2022-42139 HIGH POC THREAT This Week

Delta Electronics DVW-W02W2-E2 1.5.0.10 is vulnerable to Command Injection via Crafted URL. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection Dvw W02W2 E2 Firmware
NVD
CVSS 3.1
8.8
EPSS
18.2%
CVE-2022-37155 HIGH POC PATCH THREAT This Week

RCE in SPIP 3.1.13 through 4.1.2 allows remote authenticated users to execute arbitrary code via the _oups parameter. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

RCE Code Injection Spip
NVD GitHub
CVSS 3.1
8.8
EPSS
40.0%
CVE-2022-23512 HIGH POC This Week

MeterSphere is a one-stop open source continuous testing platform. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Path Traversal Metersphere
NVD GitHub
CVSS 3.1
8.1
EPSS
0.8%
CVE-2022-44910 HIGH POC This Week

Binbloom 2.0 was discovered to contain a heap buffer overflow via the read_pointer function at /binbloom-master/src/helpers.c. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Buffer Overflow Binbloom
NVD GitHub
CVSS 3.1
7.8
EPSS
0.4%
CVE-2022-44898 HIGH POC This Week

The MsIo64.sys component in Asus Aura Sync through v1.07.79 does not properly validate input to IOCTL 0x80102040, 0x80102044, 0x80102050, and 0x80102054, allowing attackers to trigger a memory. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Denial Of Service Buffer Overflow Aura Sync
NVD
CVSS 3.1
7.8
EPSS
0.4%
CVE-2022-46127 HIGH POC This Week

Helmet Store Showroom Site v1.0 is vulnerable to SQL Injection via /hss/classes/Master.php?f=delete_product. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Helmet Store Showroom Site
NVD GitHub
CVSS 3.1
7.2
EPSS
0.8%
CVE-2022-46126 HIGH POC This Week

Helmet Store Showroom Site v1.0 is vulnerable to SQL Injection via /hss/admin/brands/manage_brand.php?id=. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Helmet Store Showroom Site
NVD GitHub
CVSS 3.1
7.2
EPSS
0.8%
CVE-2022-46125 HIGH POC This Week

Helmet Store Showroom Site v1.0 is vulnerable to SQL Injection via /hss/admin/?page=client/manage_client&id=. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Helmet Store Showroom Site
NVD GitHub
CVSS 3.1
7.2
EPSS
0.8%
CVE-2022-46124 HIGH POC This Week

Helmet Store Showroom Site v1.0 is vulnerable to SQL Injection via /hss/admin/?page=user/manage_user&id=. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Helmet Store Showroom Site
NVD GitHub
CVSS 3.1
7.2
EPSS
0.7%
CVE-2022-46123 HIGH POC This Week

Helmet Store Showroom Site v1.0 is vulnerable to SQL Injection via /hss/admin/categories/manage_category.php?id=. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Helmet Store Showroom Site
NVD GitHub
CVSS 3.1
7.2
EPSS
0.7%
CVE-2022-46122 HIGH POC This Week

Helmet Store Showroom Site v1.0 is vulnerable to SQL Injection via /hss/admin/categories/view_category.php?id=. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Helmet Store Showroom Site
NVD GitHub
CVSS 3.1
7.2
EPSS
0.7%
CVE-2022-46121 HIGH POC This Week

Helmet Store Showroom Site v1.0 is vulnerable to SQL Injection via /hss/admin/?page=products/manage_product&id=. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Helmet Store Showroom Site
NVD GitHub
CVSS 3.1
7.2
EPSS
0.7%
CVE-2022-46120 HIGH POC This Week

Helmet Store Showroom Site v1.0 is vulnerable to SQL Injection via /hss/admin/?page=products/view_product&id=. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Helmet Store Showroom Site
NVD GitHub
CVSS 3.1
7.2
EPSS
0.7%
CVE-2022-46119 HIGH POC This Week

Helmet Store Showroom Site v1.0 is vulnerable to SQL Injection via /hss/?page=categories&c=. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Helmet Store Showroom Site
NVD GitHub
CVSS 3.1
7.2
EPSS
0.7%
CVE-2022-46118 HIGH POC This Week

Helmet Store Showroom Site v1.0 is vulnerable to SQL Injection via /hss/?page=product_per_brand&bid=. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Helmet Store Showroom Site
NVD GitHub
CVSS 3.1
7.2
EPSS
0.7%
CVE-2022-46117 HIGH POC This Week

Helmet Store Showroom Site v1.0 is vulnerable to SQL Injection via /hss/?page=view_product&id=. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Helmet Store Showroom Site
NVD GitHub
CVSS 3.1
7.2
EPSS
0.7%
CVE-2022-42140 HIGH POC This Week

Delta Electronics DX-2100-L1-CN 2.42 is vulnerable to Command Injection via lform/net_diagnose. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection Dx 2100 L1 Cn Firmware
NVD
CVSS 3.1
7.2
EPSS
2.4%
CVE-2022-46344 HIGH This Week

A vulnerability was found in X.Org. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure RCE Buffer Overflow X Server Fedora +1
NVD
CVSS 3.1
8.8
EPSS
2.7%
CVE-2022-46343 HIGH This Week

A vulnerability was found in X.Org. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

RCE Use After Free Memory Corruption X Server Fedora +1
NVD
CVSS 3.1
8.8
EPSS
2.4%
CVE-2022-46342 HIGH This Week

A vulnerability was found in X.Org. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Use After Free Memory Corruption X Server Fedora +1
NVD
CVSS 3.1
8.8
EPSS
1.3%
CVE-2022-46341 HIGH This Week

A vulnerability was found in X.Org. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Memory Corruption RCE Buffer Overflow X Server Fedora +1
NVD
CVSS 3.1
8.8
EPSS
2.5%
CVE-2022-46340 HIGH This Week

A vulnerability was found in X.Org. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Memory Corruption RCE Buffer Overflow X Server Fedora +1
NVD
CVSS 3.1
8.8
EPSS
2.5%
CVE-2022-46256 HIGH This Week

A path traversal vulnerability was identified in GitHub Enterprise Server that allowed remote code execution when building a GitHub Pages site. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Path Traversal RCE Enterprise Server
NVD GitHub
CVSS 3.1
8.8
EPSS
1.9%
CVE-2022-34271 HIGH PATCH This Week

A vulnerability in import module of Apache Atlas allows an authenticated user to write to web server filesystem.8.4 to 2.2.0. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Path Traversal Apache Atlas
NVD
CVSS 3.1
8.8
EPSS
1.4%
CVE-2022-23503 HIGH PATCH This Week

TYPO3 is an open source PHP based web content management system. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

RCE PHP Code Injection Typo3
NVD GitHub
CVSS 3.1
8.8
EPSS
0.8%
CVE-2022-4440 HIGH This Week

Use after free in Profiles in Google Chrome prior to 108.0.5359.124 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google Use After Free Denial Of Service Memory Corruption Chrome
NVD
CVSS 3.1
8.8
EPSS
0.6%
CVE-2022-4439 HIGH This Week

Use after free in Aura in Google Chrome on Windows prior to 108.0.5359.124 allowed a remote attacker who convinced the user to engage in specific UI interactions to potentially exploit heap. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Google Microsoft Use After Free Memory Corruption +1
NVD
CVSS 3.1
8.8
EPSS
0.6%
CVE-2022-4438 HIGH This Week

Use after free in Blink Frames in Google Chrome prior to 108.0.5359.124 allowed a remote attacker who convinced the user to engage in specific UI interactions to potentially exploit heap corruption. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google Use After Free Denial Of Service Memory Corruption Chrome
NVD
CVSS 3.1
8.8
EPSS
0.7%
CVE-2022-4437 HIGH This Week

Use after free in Mojo IPC in Google Chrome prior to 108.0.5359.124 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google Use After Free Denial Of Service Memory Corruption Chrome
NVD
CVSS 3.1
8.8
EPSS
0.7%
CVE-2022-4436 HIGH This Week

Use after free in Blink Media in Google Chrome prior to 108.0.5359.124 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google Use After Free Denial Of Service Memory Corruption Chrome
NVD
CVSS 3.1
8.8
EPSS
0.6%
CVE-2022-2601 HIGH This Week

A buffer overflow was found in grub_font_construct_glyph(). Rated high severity (CVSS 8.6), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Heap Overflow Buffer Overflow Grub2 Fedora Enterprise Linux Eus +5
NVD VulDB
CVSS 3.1
8.6
EPSS
0.1%
CVE-2022-31705 HIGH This Week

VMware ESXi, Workstation, and Fusion contain a heap out-of-bounds write vulnerability in the USB 2.0 controller (EHCI). Rated high severity (CVSS 8.2), this vulnerability is low attack complexity. No vendor patch available.

Memory Corruption RCE VMware Buffer Overflow Workstation +2
NVD
CVSS 3.1
8.2
EPSS
1.5%
CVE-2022-4283 HIGH This Week

A vulnerability was found in X.Org. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

RCE Use After Free Memory Corruption X Server Fedora +2
NVD
CVSS 3.1
7.8
EPSS
1.0%
CVE-2022-47411 HIGH PATCH This Week

An issue was discovered in the fp_newsletter (aka Newsletter subscriber management) extension before 1.1.1, 1.2.0, 2.x before 2.1.2, 2.2.1 through 2.4.0, and 3.x before 3.2.6 for TYPO3. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Information Disclosure Fp Newsletter
NVD
CVSS 3.1
7.5
EPSS
0.7%
CVE-2022-47410 HIGH PATCH This Week

An issue was discovered in the fp_newsletter (aka Newsletter subscriber management) extension before 1.1.1, 1.2.0, 2.x before 2.1.2, 2.2.1 through 2.4.0, and 3.x before 3.2.6 for TYPO3. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Information Disclosure Fp Newsletter
NVD
CVSS 3.1
7.5
EPSS
0.7%
CVE-2022-47409 HIGH PATCH This Week

An issue was discovered in the fp_newsletter (aka Newsletter subscriber management) extension before 1.1.1, 1.2.0, 2.x before 2.1.2, 2.2.1 through 2.4.0, and 3.x before 3.2.6 for TYPO3. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Authentication Bypass Fp Newsletter
NVD
CVSS 3.1
7.5
EPSS
0.6%
CVE-2022-31703 HIGH This Week

The vRealize Log Insight contains a Directory Traversal Vulnerability. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Path Traversal RCE Vrealize Log Insight
NVD
CVSS 3.1
7.5
EPSS
1.8%
CVE-2022-23517 HIGH PATCH This Week

rails-html-sanitizer is responsible for sanitizing HTML fragments in Rails applications. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Denial Of Service Rails Html Sanitizers Debian Linux
NVD GitHub
CVSS 3.1
7.5
EPSS
1.5%
CVE-2022-23516 HIGH PATCH This Week

Loofah is a general library for manipulating and transforming HTML/XML documents and fragments, built on top of Nokogiri. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Loofah
NVD GitHub
CVSS 3.1
7.5
EPSS
1.1%
CVE-2022-23514 HIGH PATCH This Week

Loofah is a general library for manipulating and transforming HTML/XML documents and fragments, built on top of Nokogiri. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Loofah
NVD GitHub
CVSS 3.1
7.5
EPSS
1.7%
CVE-2022-23500 HIGH PATCH This Week

TYPO3 is an open source PHP based web content management system. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure PHP Typo3
NVD GitHub
CVSS 3.1
7.5
EPSS
0.7%
CVE-2022-31700 HIGH This Week

VMware Workspace ONE Access and Identity Manager contain an authenticated remote code execution vulnerability. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

RCE VMware Access Cloud Foundation Identity Manager
NVD
CVSS 3.1
7.2
EPSS
1.1%
CVE-2022-23741 HIGH This Week

An incorrect authorization vulnerability was identified in GitHub Enterprise Server that allowed a scoped user-to-server token to escalate to full admin/owner privileges. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Enterprise Server
NVD GitHub
CVSS 3.1
7.2
EPSS
1.1%
CVE-2022-4501 HIGH PATCH This Week

The Mega Addons plugin for WordPress is vulnerable to authorization bypass due to a missing capability check on the vc_saving_data function in versions up to, and including, 4.3.0. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, low attack complexity. This Missing Authorization vulnerability could allow attackers to access resources or perform actions without proper authorization checks.

WordPress Authentication Bypass Mega Addons For Wpbakery Page Builder WPBakery Page Builder
NVD VulDB
CVSS 3.1
7.1
EPSS
0.1%
CVE-2022-40264 HIGH This Week

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in ICONICS/Mitsubishi Electric GENESIS64 versions 10.96 to 10.97.2 allows an unauthenticated attacker to. Rated high severity (CVSS 7.1), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Path Traversal Genesis64
NVD
CVSS 3.1
7.1
EPSS
0.3%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy